By Suljov
ReconRunner is a webapp tool designed to streamline and simplify directory and file brute-forcing, subdomain enumeration and sql injections. By leveraging popular tools like gobuster, wfuzz, feroxbuster, rustscan, nmap, subfinder and sqlmap, ReconRunner offers a more flexible and powerful experience with enhanced handling of wordlists, protocols, and outputs.
- come up with more idéas for features
- add feature for simple fuzzing (web)
- add flag to urlencode the payload
- add feature for simple fuzzing (web)
- sqlmap
- subfinder
- rustscan
- nmap
- wfuzz
- gobuster
- feroxbuster
git clone https://github.com/suljov/ReconRunner
cd ReconRunner
chmod +x install.sh && ./install.sh
To install ReconRunner, clone the repository and run the installation script:
$ reconrunner --help
____ ____
/ __ \___ _________ ____ / __ \__ ______ ____ ___ _____
/ /_/ / _ \/ ___/ __ \/ __ \/ /_/ / / / / __ \/ __ \/ _ \/ ___/
/ _, _/ __/ /__/ /_/ / / / / _, _/ /_/ / / / / / / / __/ /
/_/ |_|\___/\___/\____/_/ /_/_/ |_|\__,_/_/ /_/_/ /_/\___/_/
usage: ReconRunner [-h] {subs,subs2,dirs,dirs2,sql,fuzz,portscan,portscan2,config} ...
ReconRunner made by suljov. Streamlines scanning by automating tasks for webapp pentest and organizing results for a more efficient experience.
positional arguments:
{subs,subs2,dirs,dirs2,sql,fuzz,portscan,portscan2,config}
subs Subdomain enumeration. (tool: subfinder)
subs2 Second way of subdomain enumeration. (tool: wfuzz)
dirs Directory/file enumeration. (tool: feroxbuster)
dirs2 Directory/file enumeration. (tool: gobuster)
sql SQL Injection detection. OBS: output does not get saved. (tool: sqlmap)
fuzz For custom fuzzing of endpoints, subdomains, parameters etc. OBS: Don`t forget to add 'FUZZ' att the position you want to fuzz. (tool: wfuzz)
portscan For portscanning the target. (tool: rustscan)
portscan2 For portscanning the target. (tool: nmap)
config Configuration of the wordlist of wordlists (json file containing wordlists for different uses)
options:
-h, --help show this help message and exit
Help page for ReconRunner.
reconrunner dirs -u http://example.com
reconrunner dirs -u http://example.com --cw /path/to/custom_wordlist.txt
reconrunner dirs -u http://example.com --cl api
reconrunner dirs -u http://example.com --extra '--delay=500ms'
reconrunner subs -u example.com
reconrunner subs2 -u example.com --cw /path/to/custom_wordlist.txt
reconrunner subs2 -u example.com --cl dns
reconrunner subs -u example.com --extra '-recursive'
reconrunner sql -u "http://example.com/vulnerable.php?id=1"
reconrunner sql -f /path/to/file.txt
reconrunner portscan -d <ip>
reconrunner portscan -d <ip> --extra "-g -r 8000-8999"
The tool supports custom wordlists via a configuration file. To customize or add new wordlists:
- Edit Configuration File:
Edit the JSON file located at $HOME/.reconrunner/wordlists-config.json. You can add or remove wordlists, create custom lists, and specify wordlists for different types of enumeration.
- Commands for Configuration:
- Add Wordlist: reconrunner config --add-wordlist [path to wordlist] --to [type-of-list]
- Remove Wordlist: reconrunner config --remove-wordlist [path to wordlist] --from [type-of-list]
- Create List:
reconrunner config --create-list [name]
- Remove List:
reconrunner config --remove-list [name]
- Create wordlist:
reconrunner config --add-list /path/to/wordlist.txt --type [name of the list in the config file]
- Remove wordlist:
reconrunner config --remove-word /path/to/wordlist.txt --type [name of the list in the config file]
- List Info:
reconrunner config --list-info
{
"lfi-linux": [
"/usr/share/wordlists/seclists/Fuzzing/LFI/LFI-etc-files-of-all-linux-packages.txt",
"/usr/share/wordlists/seclists/Fuzzing/LFI/LFI-gracefulsecurity-linux.txt",
"/usr/share/wordlists/seclists/Fuzzing/LFI/LFI-LFISuite-pathtotest-huge.txt",
"/usr/share/wordlists/seclists/Fuzzing/LFI/LFI-LFISuite-pathtotest.txt"
],
"lfi-windows": [
"/usr/share/wordlists/seclists/Fuzzing/LFI/LFI-gracefulsecurity-windows.txt"
],
"dirs": [
"/usr/share/wordlists/seclists/Discovery/Web-Content/quickhits.txt",
"/usr/share/wordlists/seclists/Discovery/Web-Content/common.txt",
"/usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt"
],
"dns": [
"/usr/share/wordlists/seclists/Discovery/DNS/n0kovo_subdomains.txt",
"/usr/share/wordlists/seclists/Discovery/DNS/combined_subdomains.txt",
"/usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt"
],
"sql": [
"/usr/share/seclists/Fuzzing/SQLi/quick-SQLi.txt",
"/usr/share/wordlists/wfuzz/vulns/sql_inj.txt",
"/usr/share/seclists/Fuzzing/SQLi/Generic-SQLi.txt",
"/usr/share/seclists/Fuzzing/SQLi/Generic-BlindSQLi.fuzzdb.txt",
"/usr/share/wordlists/wfuzz/Injections/SQL.txt"
],
"osinjection": [],
"ssti": [],
"xss": ["/usr/share/wordlists/wfuzz/Injections/XSS.txt"],
"xml": [
"/usr/share/wordlists/wfuzz/Injections/XML.txt",
"/usr/share/wordlists/seclists/Fuzzing/XML-FUZZ.txt"
],
"ldap": [
"/usr/share/wordlists/seclists/Fuzzing/LDAP-active-directory-attributes.txt",
"/usr/share/wordlists/seclists/Fuzzing/LDAP-active-directory-classes.txt",
"/usr/share/wordlists/seclists/Fuzzing/LDAP-openldap-attributes.txt",
"/usr/share/wordlists/seclists/Fuzzing/LDAP-openldap-classes.txt",
"/usr/share/wordlists/seclists/Fuzzing/LDAP.Fuzzing.txt"
],
"api": []
}
- Feroxbuster: A tool by Ben "epi" Risher. GitHub Repository
- Gobuster: A tool by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart). GitHub Repository
- Subfinder: A tool by ProjectDiscovery (@projectdiscovery). GitHub Repository
- wfuzz: A tool by @xmendez. GitHub Repository
- sqlmap: A tool by Bernardo Damele A. G. (@bdamele) & Miroslav Stampar (@stamparm). GitHub Repository
- Rustscan: A fast port scanner written in Rust. GitHub Repository
- Nmap: A powerful network scanning tool by Gordon Lyon (@fyodor). GitHub Repository